[wp-hackers] Possible security patch
Ian Stewart
ian at themeshaper.com
Mon Dec 7 17:38:54 UTC 2009
I still think using a sanitized display name like, 'My Display Name'
becoming 'my-display-name', instead of using a sanitized login name would be
simpler. It would cover the classes and nice-looking URLs wouldn't it? And
it would give users the choice I imagine they think they're getting about
what to reveal in classes and URLs when they choose their display name.
On Mon, Dec 7, 2009 at 11:22 AM, Dre Feeds <feeds at armeda.com> wrote:
>
>
>
> Mark Jaquith wrote:
>>
>>> I think I have a better method of tackling this issue: We now prompt
>>> the user in the wp-admin when they are using the default install
>>> password or a reset password. What about if we do a similar prompt if
>>> "admin" is the only user on the blog, suggesting that they create a
>>> second user name and use THAT for posting?
>>>
>>
>> What about simply asking the user about renaming 'admin' to something more
>> personal?
>>
>> Ozh
>>
>
> What about a second built-in account specifically built for posting and
> simply asking the user to rename this account. I think we separate them all
> together so there is no confusion.
>
> Dre Armeda
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
--
Ian Stewart
http://ThemeShaper.com/
http://twitter.com/iandstewart/
http://ianstewart.stumbleupon.com/
More information about the wp-hackers
mailing list